Issue with clients connecting on SSID with multiple vlans
I hope I can explain this correctly, it's a strange issue and I'm wondering if I'm just missing something.
I deployed a new Meraki AP at a branch location, on a new VLAN (let's say vlan 16). The intention was to extend our secure wireless out to that branch. So the same SSID used at the main office is on the branch office AP.
However the main office is on VLAN 10. I added VLAN 16 to the branch office.
If I place a port in the new vlan and connect a laptop to it, the laptop connects to our LAN just fine. It gets a DHCP address as expected and can reach the gateway. Routing is good.
If I plug the Meraki into the same port in the same new vlan, it also gets a DHCP address and can be managed in the dashboard. It shows green. Works the same if I switch the access port to a trunk port which I've done.
If I connect a client to the SSID, it fails to grab a DHCP address and cannot reach the default gateway. It can however ping the Meraki. Otherwise no network access.
The SSID is configured with RADIUS for authentication. RADIUS seems to work because the client device can sign in and connect. They just get no network.
The last step I did was add the new VLAN to a RADIUS attribute but I ran out of time to test it.
The SSID, let's call it Company_Secure, has the following VLAN settings. I am not sure if I should tweak these, or if I'm going off into the woods on something that's not the issue.
Re: Issue with clients connecting on SSID with multiple vlans
Do you have a separate network for that branch office or is that AP sitting in the main office meraki network on the dashboard?
How do you have the port configured where the AP connects to? How do you have the access control settings configured for the SSID (assuming local LAN access is allowed). Assuming also you have the AP's tagged correctly?
Do you have a separate network for that branch office or is that AP sitting in the main office meraki network on the dashboard? The branch office is on a separate network and is separated from the main office with a router. The router has a sub-interface with the new VLAN on it. The AP is at the branch office.
How do you have the port configured where the AP connects to? The port is currently set as a trunk port. How do you have the access control settings configured for the SSID (assuming local LAN access is allowed). - It's set for direct access and the firewall allows local LAN Assuming also you have the AP's tagged correctly? I believe so. I don't know though. The AP is tagged and the tag was added to the Company_Secure SSID and the SSID shows up. Then I added another tag for the VLAN ID as shown above in the screenshot.